authorAuke Kok <auke-jan.h.kok@intel.com>2013-10-09 10:52:15 -0700
committerAuke Kok <auke-jan.h.kok@intel.com>2013-10-09 15:06:17 -0700
commit8552b17660033812080a11533bd0edce74401039 (patch)
tree9df309cf6f65af870b68d11481a904c7146cacaa /src/core
parent463b5dbb0d10227230468ee3adc3b50fce7d0707 (diff)
Smack: Test if smack is enabled before mounting
Since on most systems with xattr systemd will compile with Smack support enabled, we still attempt to mount various fs's with Smack-only options. Before mounting any of these Smack-related filesystems with Smack specific mount options, check if Smack is functionally active on the running kernel. If Smack is really enabled in the kernel, all these Smack mounts are now *fatal*, as they should be. We no longer mount smackfs if systemd was compiled without Smack support. This makes it easier to make smackfs mount failures a critical error when Smack is enabled. We no longer mount these filesystems with their Smack specific options inside containers. There these filesystems will be mounted with their non-Smack mount options for now.
Diffstat (limited to 'src/core')
-rw-r--r--src/core/mount-setup.c9
1 files changed, 5 insertions, 4 deletions
diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c
index 7845e88644..73c2698ea3 100644
--- a/src/core/mount-setup.c
+++ b/src/core/mount-setup.c
@@ -42,6 +42,7 @@
#include "missing.h"
#include "virt.h"
#include "efivars.h"
+#include "smack-util.h"
#ifndef TTY_GID
#define TTY_GID 5
@@ -77,11 +78,11 @@ static const MountPoint mount_table[] = {
NULL, MNT_FATAL|MNT_IN_CONTAINER },
{ "securityfs", "/sys/kernel/security", "securityfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
NULL, MNT_NONE },
- { "smackfs", "/sys/fs/smackfs", "smackfs", "smackfsdef=*", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME,
- NULL, MNT_NONE },
#ifdef HAVE_SMACK
+ { "smackfs", "/sys/fs/smackfs", "smackfs", "smackfsdef=*", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME,
+ use_smack, MNT_FATAL },
{ "tmpfs", "/dev/shm", "tmpfs", "mode=1777,smackfsroot=*", MS_NOSUID|MS_NODEV|MS_STRICTATIME,
- NULL, MNT_IN_CONTAINER },
+ use_smack, MNT_FATAL },
#endif
{ "tmpfs", "/dev/shm", "tmpfs", "mode=1777", MS_NOSUID|MS_NODEV|MS_STRICTATIME,
NULL, MNT_FATAL|MNT_IN_CONTAINER },
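Review bot: The two `/dev/shm` rows now work as a pair whose order matters, and nothing in the table says so: the `smackfsroot=*` row is gated on `use_smack` and the plain row after it is the fallback. As far as this hunk shows, the plain row is only correct if the mount code skips a path that is already mounted; that logic is outside the hunk, so it is worth confirming. I would add a comment above the `#ifdef HAVE_SMACK` block such as `/* Smack variant must precede the plain entry; it is tried only when use_smack() reports Smack active, and is fatal then */`. The same comment applies to the `/run` pair in the next hunk. `mount_table` starts and ends outside this hunk.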
@@ -89,7 +90,7 @@ static const MountPoint mount_table[] = {
NULL, MNT_IN_CONTAINER },
#ifdef HAVE_SMACK
{ "tmpfs", "/run", "tmpfs", "mode=755,smackfsroot=*", MS_NOSUID|MS_NODEV|MS_STRICTATIME,
- NULL, MNT_IN_CONTAINER },
+ use_smack, MNT_FATAL },
#endif
{ "tmpfs", "/run", "tmpfs", "mode=755", MS_NOSUID|MS_NODEV|MS_STRICTATIME,
NULL, MNT_FATAL|MNT_IN_CONTAINER },
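Review bot: Dropping `MNT_IN_CONTAINER` from the Smack `/run` row means a container on a Smack-enabled host gets `/run` from the plain row, without `smackfsroot=*`, and the same holds for `/dev/shm` in the previous hunk. The commit message calls this a stopgap ("for now"), but the table carries no trace of it, so the labelling gap is easy to forget. A short marker next to the row would keep it visible, for example `/* TODO: not mounted with Smack options in containers yet; the plain entry below is used there */`. What label the tmpfs root ends up with in that case depends on kernel defaults not shown here, so it should be checked against the host's Smack policy.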